Dailydave mailing list archives
Vulnerabilities Market
From: Jason Syversen <jason.syversen () gmail com>
Date: Wed, 19 May 2010 13:33:09 -0400
There's a good survey of the 0-day vulnerabilities market with breakdowns by vendor including pricing, trustworthiness and friendliness posted online at http://unsecurityresearch.com/index.php?option=com_content&view=article&id=52&Itemid=57 (thanks to @reversemode RT @nrathaus). I went through the survey and did some analysis of average prices by client side vulnerabilities, server side vulnerabilities and both as well as percentage of purchases that are "high value" and off the survey charts: http://cyber-son.blogspot.com/2010/05/vulnerability-market-numbers.html Also some good reading material in an older post ( http://cyber-son.blogspot.com/2009/09/vulnerability-research-market.html) including some of the groups advertising research, Pedram's excellent briefing on the market and some other papers. Hadn't seen that information disseminated widely and thought there would be interest. I'm always interested in quantifying more of what's going on in the community and particularly in computer security markets like this one that tend to be extremely opaque. Hopefully more people will fill out his survey so there is improved statistical sampling. I suspect the current margin of error is workable but definitely not negligible. Enjoy. Jason
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Vulnerabilities Market Jason Syversen (May 19)
- Re: Vulnerabilities Market Michal Zalewski (May 21)
- Re: Vulnerabilities Market Shane (May 24)
- Re: Vulnerabilities Market Steve Shockley (May 24)
- Re: Vulnerabilities Market Shane (May 25)
- Re: Vulnerabilities Market Shane (May 24)
- Re: Vulnerabilities Market Michal Zalewski (May 21)
- Re: Vulnerabilities Market rajat swarup (May 21)
- <Possible follow-ups>
- Re: Vulnerabilities Market Michal Zalewski (May 24)